KASAN: slab-out-of-bounds Read in cttimeout_net

Title	Replies (including bot)	Last reply
[PATCH net 0/5] Netfilter fixes for net	7 (7)	2022/06/22 05:50
[PATCH nf] netfilter: cttimeout: fix slab-out-of-bounds read typo in cttimeout_net_exit	1 (1)	2022/06/15 13:40
[syzbot] KASAN: slab-out-of-bounds Read in cttimeout_net_exit	0 (2)	2022/06/15 12:06
[PATCH net 0/4] Netfilter fixes for net	6 (6)	2022/05/27 10:20
[PATCH net-next 00/11] Netfilter updates for net-next	19 (19)	2022/05/20 23:16
[PATCH nf-next] netfilter: cttimeout: fix slab-out-of-bounds read in cttimeout_net_exit	2 (2)	2022/05/19 20:40

general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 PID: 52 Comm: kworker/u4:3 Not tainted 5.19.0-rc2-syzkaller-00147-gf0ec9c65a8d6 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net RIP: 0010:__list_del_entry_valid+0x81/0xf0 lib/list_debug.c:51 Code: 0f 84 9c c6 41 05 48 b8 22 01 00 00 00 00 ad de 49 39 c4 0f 84 9d c6 41 05 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 75 51 49 8b 14 24 48 39 ea 0f 85 51 c6 41 05 49 8d 7d RSP: 0018:ffffc90000bd7bc0 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff888022b07710 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff879df8f1 RDI: ffff888022b07728 RBP: ffff888022b07720 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 R13: 0000000000000000 R14: dffffc0000000000 R15: ffff888022b07728 FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffeb48085d8 CR3: 000000006f0a1000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __list_del_entry include/linux/list.h:134 [inline] list_del include/linux/list.h:148 [inline] cttimeout_net_exit+0x211/0x540 net/netfilter/nfnetlink_cttimeout.c:618 ops_exit_list+0xb0/0x170 net/core/net_namespace.c:162 cleanup_net+0x4ea/0xb00 net/core/net_namespace.c:594 process_one_work+0x996/0x1610 kernel/workqueue.c:2289 worker_thread+0x665/0x1080 kernel/workqueue.c:2436 kthread+0x2e9/0x3a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:__list_del_entry_valid+0x81/0xf0 lib/list_debug.c:51 Code: 0f 84 9c c6 41 05 48 b8 22 01 00 00 00 00 ad de 49 39 c4 0f 84 9d c6 41 05 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 75 51 49 8b 14 24 48 39 ea 0f 85 51 c6 41 05 49 8d 7d RSP: 0018:ffffc90000bd7bc0 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff888022b07710 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff879df8f1 RDI: ffff888022b07728 RBP: ffff888022b07720 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 R13: 0000000000000000 R14: dffffc0000000000 R15: ffff888022b07728 FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffeb48085d8 CR3: 00000000255dc000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 0f 84 9c c6 41 05 je 0x541c6a2 6: 48 b8 22 01 00 00 00 movabs $0xdead000000000122,%rax d: 00 ad de 10: 49 39 c4 cmp %rax,%r12 13: 0f 84 9d c6 41 05 je 0x541c6b6 19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 20: fc ff df 23: 4c 89 e2 mov %r12,%rdx 26: 48 c1 ea 03 shr $0x3,%rdx * 2a: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction 2e: 75 51 jne 0x81 30: 49 8b 14 24 mov (%r12),%rdx 34: 48 39 ea cmp %rbp,%rdx 37: 0f 85 51 c6 41 05 jne 0x541c68e 3d: 49 rex.WB 3e: 8d .byte 0x8d 3f: 7d .byte 0x7d

Crashes (1444):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Manager	Title
2022/06/18 04:01	upstream	f0ec9c65a8d6	cb58b3b2	.config	strace log	report	syz	C		ci-upstream-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/15 12:06	net-next-old	6ac6dc746d70	127d1faf	.config	strace log	report	syz	C		ci-upstream-net-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/02 23:05	upstream	17d8e3d90b69	02dddea8	.config	console log	report			info	ci-qemu-upstream	KASAN: slab-out-of-bounds Read in cttimeout_net_exit
2022/05/17 17:46	net-next-old	65a9dedc11d6	744a39e2	.config	console log	report			info	ci-upstream-net-kasan-gce	KASAN: slab-out-of-bounds Read in cttimeout_net_exit
2022/05/16 11:50	net-next-old	d887ae3247e0	744a39e2	.config	console log	report			info	ci-upstream-net-kasan-gce	KASAN: slab-out-of-bounds Read in cttimeout_net_exit
2022/06/24 01:41	upstream	de5c208d533a	912f5df7	.config	console log	report			info	ci-upstream-kasan-gce-smack-root	general protection fault in cttimeout_net_exit
2022/06/24 00:35	upstream	de5c208d533a	912f5df7	.config	console log	report			info	ci-upstream-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/23 18:52	upstream	de5c208d533a	912f5df7	.config	console log	report			info	ci-upstream-kasan-gce-selinux-root	general protection fault in cttimeout_net_exit
2022/06/23 16:10	upstream	de5c208d533a	912f5df7	.config	console log	report			info	ci-upstream-kasan-gce-smack-root	general protection fault in cttimeout_net_exit
2022/06/23 15:07	upstream	de5c208d533a	912f5df7	.config	console log	report			info	ci-upstream-kasan-gce-smack-root	general protection fault in cttimeout_net_exit
2022/06/23 13:50	upstream	de5c208d533a	912f5df7	.config	console log	report			info	ci-upstream-kasan-gce-selinux-root	general protection fault in cttimeout_net_exit
2022/06/23 10:11	upstream	3abc3ae553c7	912f5df7	.config	console log	report			info	ci-upstream-kasan-gce-selinux-root	general protection fault in cttimeout_net_exit
2022/06/23 09:36	upstream	3abc3ae553c7	912f5df7	.config	console log	report			info	ci-upstream-kasan-gce-selinux-root	general protection fault in cttimeout_net_exit
2022/06/23 07:01	upstream	de5c208d533a	912f5df7	.config	console log	report			info	ci-qemu-upstream	general protection fault in cttimeout_net_exit
2022/06/23 00:33	upstream	3abc3ae553c7	912f5df7	.config	console log	report			info	ci-upstream-kasan-gce-root	general protection fault in cttimeout_net_exit
2022/06/22 23:22	upstream	3abc3ae553c7	912f5df7	.config	console log	report			info	ci-upstream-kasan-gce-root	general protection fault in cttimeout_net_exit
2022/06/22 22:56	upstream	3abc3ae553c7	912f5df7	.config	console log	report			info	ci-upstream-kasan-gce-smack-root	general protection fault in cttimeout_net_exit
2022/06/22 21:35	upstream	3abc3ae553c7	912f5df7	.config	console log	report			info	ci-upstream-kasan-gce-root	general protection fault in cttimeout_net_exit
2022/06/22 20:34	upstream	3abc3ae553c7	0fc5c330	.config	console log	report			info	ci-upstream-kasan-gce-root	general protection fault in cttimeout_net_exit
2022/06/22 08:22	upstream	ca1fdab7fd27	0fc5c330	.config	console log	report			info	ci-upstream-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/22 00:29	upstream	ca1fdab7fd27	0fc5c330	.config	console log	report			info	ci-upstream-kasan-gce-smack-root	general protection fault in cttimeout_net_exit
2022/06/21 23:24	upstream	ca1fdab7fd27	0fc5c330	.config	console log	report			info	ci-upstream-kasan-gce-selinux-root	general protection fault in cttimeout_net_exit
2022/06/21 20:27	upstream	78ca55889a54	0fc5c330	.config	console log	report			info	ci-upstream-kasan-gce-smack-root	general protection fault in cttimeout_net_exit
2022/06/21 15:21	upstream	78ca55889a54	0fc5c330	.config	console log	report			info	ci-upstream-kasan-gce-root	general protection fault in cttimeout_net_exit
2022/06/21 05:15	upstream	78ca55889a54	0fc5c330	.config	console log	report			info	ci-upstream-kasan-gce-selinux-root	general protection fault in cttimeout_net_exit
2022/06/21 03:37	upstream	78ca55889a54	0fc5c330	.config	console log	report			info	ci-upstream-kasan-gce-selinux-root	general protection fault in cttimeout_net_exit
2022/06/21 02:24	upstream	78ca55889a54	0fc5c330	.config	console log	report			info	ci-upstream-kasan-gce-smack-root	general protection fault in cttimeout_net_exit
2022/06/20 19:04	upstream	78ca55889a54	8d15e28d	.config	console log	report			info	ci-upstream-kasan-gce-selinux-root	general protection fault in cttimeout_net_exit
2022/06/20 18:12	upstream	78ca55889a54	8d15e28d	.config	console log	report			info	ci-upstream-kasan-gce-smack-root	general protection fault in cttimeout_net_exit
2022/06/20 17:00	upstream	78ca55889a54	8d15e28d	.config	console log	report			info	ci-upstream-kasan-gce-smack-root	general protection fault in cttimeout_net_exit
2022/06/20 15:38	upstream	78ca55889a54	8d15e28d	.config	console log	report			info	ci-upstream-kasan-gce-root	general protection fault in cttimeout_net_exit
2022/06/20 14:35	upstream	a111daf0c53a	789e5a63	.config	console log	report			info	ci-qemu-upstream	general protection fault in cttimeout_net_exit
2022/06/20 14:34	upstream	a111daf0c53a	8d15e28d	.config	console log	report			info	ci-upstream-kasan-gce-smack-root	general protection fault in cttimeout_net_exit
2022/06/20 13:25	upstream	a111daf0c53a	8f633d84	.config	console log	report			info	ci-upstream-kasan-gce-root	general protection fault in cttimeout_net_exit
2022/06/24 07:21	upstream	de5c208d533a	912f5df7	.config	console log	report			info	ci-upstream-kasan-gce-386	general protection fault in cttimeout_net_exit
2022/06/23 20:15	upstream	de5c208d533a	912f5df7	.config	console log	report			info	ci-upstream-kasan-gce-386	general protection fault in cttimeout_net_exit
2022/06/21 21:57	upstream	ca1fdab7fd27	0fc5c330	.config	console log	report			info	ci-qemu-upstream-386	general protection fault in cttimeout_net_exit
2022/06/21 00:43	upstream	78ca55889a54	0fc5c330	.config	console log	report			info	ci-qemu-upstream-386	general protection fault in cttimeout_net_exit
2022/06/08 15:59	upstream	9886142c7a22	b2706118	.config	console log	report			info	ci-qemu2-arm64	BUG: unable to handle kernel paging request in cttimeout_net_exit
2022/05/31 07:18	upstream	2c5ca23f7414	af70c3a9	.config	console log	report			info	ci-qemu2-arm32	BUG: unable to handle kernel NULL pointer dereference in cttimeout_net_exit
2022/06/22 10:32	net-old	69135c572d1f	0fc5c330	.config	console log	report			info	ci-upstream-net-this-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/22 08:16	net-old	69135c572d1f	0fc5c330	.config	console log	report			info	ci-upstream-net-this-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/22 02:58	net-old	69135c572d1f	0fc5c330	.config	console log	report			info	ci-upstream-net-this-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/21 16:36	net-old	69135c572d1f	0fc5c330	.config	console log	report			info	ci-upstream-net-this-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/21 08:13	net-old	69135c572d1f	0fc5c330	.config	console log	report			info	ci-upstream-net-this-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/21 04:09	net-old	69135c572d1f	0fc5c330	.config	console log	report			info	ci-upstream-net-this-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/20 12:07	net-old	313c502fa3b3	8f633d84	.config	console log	report			info	ci-upstream-net-this-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/20 10:19	net-old	313c502fa3b3	8f633d84	.config	console log	report			info	ci-upstream-net-this-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/24 04:05	net-next-old	85763435d5b5	912f5df7	.config	console log	report			info	ci-upstream-net-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/23 08:28	net-next-old	6dd4142fb5a9	912f5df7	.config	console log	report			info	ci-upstream-net-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/23 02:35	net-next-old	6dd4142fb5a9	912f5df7	.config	console log	report			info	ci-upstream-net-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/22 18:44	net-next-old	a80d8fb70cc7	0fc5c330	.config	console log	report			info	ci-upstream-net-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/22 13:43	net-next-old	a80d8fb70cc7	0fc5c330	.config	console log	report			info	ci-upstream-net-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/22 06:42	net-next-old	8720bd951b8e	0fc5c330	.config	console log	report			info	ci-upstream-net-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/22 04:44	net-next-old	8720bd951b8e	0fc5c330	.config	console log	report			info	ci-upstream-net-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/22 01:56	net-next-old	8720bd951b8e	0fc5c330	.config	console log	report			info	ci-upstream-net-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/21 12:58	net-next-old	4336487e30c3	0fc5c330	.config	console log	report			info	ci-upstream-net-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/21 10:09	net-next-old	4336487e30c3	0fc5c330	.config	console log	report			info	ci-upstream-net-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/21 06:31	net-next-old	4336487e30c3	0fc5c330	.config	console log	report			info	ci-upstream-net-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/20 09:11	net-next-old	a56b158a5078	8f633d84	.config	console log	report			info	ci-upstream-net-kasan-gce	general protection fault in cttimeout_net_exit
2022/06/22 16:46	linux-next	ac0ba5454ca8	0fc5c330	.config	console log	report			info	ci-upstream-linux-next-kasan-gce-root	BUG: corrupted list in cttimeout_net_exit
2022/06/15 18:59	linux-next	6012273897fe	1719ee24	.config	console log	report			info	ci-upstream-linux-next-kasan-gce-root	BUG: corrupted list in cttimeout_net_exit

Crashes (1444):

Assets (help?)

2022/06/18 04:01

upstream